←back to thread

How encryption for Cinema Movies works

(serverless.industries)
230 points perryflynn | 1 comments | 20 Apr 25 17:52 UTC | HN request time: 0.212s | source
Show context
vitplister ◴[23 Apr 25 19:21 UTC] No.43775734[source]
Maybe someone with more knowledge could comment on what happened here: https://wikileaks.org/sony/docs/05/docs/Digital%20Cinema/Dig...
replies(1): >>43776151 #
1. perryflynn ◴[23 Apr 25 20:08 UTC] No.43776151[source]
Well, the DCI system relies on trusted (TPM-ish) hardware. One server vendor has used insecure certificates. So if a AES key for a movie is encrypted / shipped for such insecure certificate the AES key for the movie can be decrypted outside of the actual projector hardware.

This is one reason why they use Device lists, if such a issue becomes public, they will just block this specific projector or the whole product line for future movie releases and the leak is contained.

Also only movies which got assigned to that projection system are affected. So the damage is low/medium.